Thursday, January 31, 2013

New security fix for Rails 2.3.x. Applications updated on BitNami

A new Rails security issue that affects older versions of Rails (2.3.x and 3.0.x) was recently announced. This is a vulnerability related to the JSON parser code for Ruby on Rails with allows attackers to bypass authentication systems, inject arbitrary SQL or inject and execute arbitrary code.

We are also removing older versions of BitNami Rails apps published on the Windows Azure and Amazon Cloud catalog and marketplace and that may be vulnerable to these security issues.

For more details about these security issues please check the information provided in the official Ruby On Rails blog. If you already have installed a version of these applications please make sure that you update your environment or apply the appropriate patches.